Banks Step Up Customer Scam Protections And Compensation

New Zealand’s banks are bringing in a suite of new measures aligned with global best practice to further protect New Zealanders from criminal scammers.

The New Zealand Banking Association today announced a suite of consumer protections that will be progressively rolled out over the next seven months.

The banks’ consumer protections will include:

• Pre-transaction warnings to customers for certain payments
• A Confirmation of Payee service for customers to check that the name of the person they are paying matches the account number, which has recently completed roll-out
• Identification of and response to high-risk transactions or unusual account transaction activity, and the ability to delay or block transactions in some cases
• Providing a 24/7 reporting channel for customers who think they’ve been scammed, and responding to protect accounts
• Sharing scammer account information with other banks to help prevent criminal activity, and freezing funds where appropriate.

The new protections build on existing anti-scam initiatives and provide the basis for a fresh approach to banks compensating customer scam losses for authorised payment scams. This will be delivered through an update to the Code of Banking Practice. Where a bank fails to meet the five new scam protection commitments, the banks will compensate all or part of the loss for eligible customers. Banks will also retain the discretion to pay compensation beyond what is set out in the Code of Banking Practice where they consider this appropriate.

Banks will also continue to compensate losses for eligible customers where their banking was accessed without the customer’s authority.

The Code of Banking Practice will be updated to include these new scam protection commitments and the expanded compensation approach.

New Zealand Banking Association chief executive Roger Beaumont says: “Global experience shows scam prevention is the best way to protect consumers from scam losses.

“These new scam protection measures are a huge step up in the fight against scams. Banks already do a lot to identify and help prevent scams, and these new measures will enhance tech solutions to help protect customers from increasingly sophisticated scams.

“Our banks’ new protective measures will be progressively rolled out over the next seven months, with the final rollout across 13 banks in place by the end of November. This timeframe reflects the considerable time and effort that will be required to put enhanced customer protection measures in place across more than a dozen banks.

“Banks will use this time to ensure the new consumer protections work well from the start. That includes designing and implementing changes to each bank’s systems, processes, and staff training, alongside other change priorities.

“The updated Code of Banking Practice will go live on 30 November 2025 once all the new measures are in place.

“The new compensation approach recognises shared responsibilities for protecting New Zealanders from scams. Banks are stepping up their customer protections and will be accountable for those measures, but they cannot take on full liability for scam losses that are beyond their control and may, for example, start with a fake ad or chat on social media, or a fake search engine result. Consumers are also encouraged to take reasonable care to protect their banking.

“In developing this new compensation approach, banks have worked closely with the current and previous Ministers of Commerce and Consumer Affairs. Their support and involvement have helped create a fair and broad-based scheme.

“As the government has acknowledged, the scam ecosystem is far broader than just banks. To truly prevent scams, a cross-industry and government agency approach is needed. Banks can’t combat scammers on their own.

“We call on other industries such as telcos, social media companies, and global tech platforms to bring in their own scam protection measures. If other industries do so, we can move from a world-class protection system to world-leading,” says Beaumont.

Here are examples of how the new scam loss compensation approach will work:

Example One | Investment Scam (Full compensation)

A customer searches investment rates online and receives a call back after entering their details into a website. The customer has many interactions with the scammer and agrees to pay $100,000 to a domestic bank account for a 6-month term deposit. The customer initiates the payment online and does not have a history of paying large amounts in this vicinity.

The bank fails to identify the transaction as high-risk (high transaction size to a new payee, with a self-identified investment purpose), and does not respond appropriately to the payment.

The bank will compensate the customer fully, as it failed to meet its commitments, and the customer’s interactions suggest they took reasonable care when deciding to make the payment.

Example Two | Bank Impersonation Scam (No compensation)

A customer is contacted by a spoofed number purporting to be the customer’s bank. The bank has previously notified the relevant telco of the spoofed number, but the telco delayed any blocking activity. The impersonator claims the customer’s account is at risk and that $50,000 must be moved urgently to a safe account. The customer is coached through making the payment online.

The bank does not provide an educational warning about the scam risk, because the customer is coached by the scammer to select a payment that does not trigger the warning.

The bank provides a correct Confirmation of Payee check response of “no match”, but the customer pays anyway after being coached.

The bank identifies the transaction as high-risk and responds appropriately by calling the customer to discuss the payment and provide warnings. The customer pays anyway after being coached by the scammer that the bank staff member is involved in the threat.

In this case the bank met all its scam protection commitments. The bank:

• Did not need to provide an educational warning before the payment because the customer provided a false payment purpose
• Provided a correct Confirmation of Payee response
• Identified the payment as high-risk and notified the customer
• Provided a 24/7 reporting channel for the customer (not used in this case)
• Shared information with the bank that received the payment about the use of a mule account (and there were no previous reported instances of that account being used as a mule account).

The bank will not compensate the customer, as it met all its protection commitments, and could not have identified the payment was a scam based on the information provided by the customer.

Example Three | Romance Scam (Partial compensation)

A customer develops an online relationship with someone pretending to be a New Zealand celebrity. The customer makes several low value payments for various reasons to accounts provided by the celebrity. The celebrity asks for $50,000 for a particular activity, to be sent to the celebrity’s “business partner”.

The bank provides a correct Confirmation of Payee check response of “no match”, but the customer pays anyway.

The bank failed to identify the transaction as high-risk (high transaction size to a new payee).

The bank will partially compensate the customer, as it failed to meet its commitments. The customer did not take reasonable care when deciding to make the payment by failing to respond to a Confirmation of Payee “no match” and accordingly is considered partially responsible for the loss.

© Scoop Media